Standard run

Play the Standard run scenario Mid-size SaaS company. Balanced challenge.

Mid-size SaaS company. Balanced challenge.

A 500-employee Cloud-Native SaaS firm. Standard difficulty. Use this for your first playthrough.

What is the Standard run scenario?

A 500-employee Cloud-Native SaaS firm. Standard difficulty. Use this for your first playthrough. The standard run drops you into a mid-size SaaS company with no exotic constraints — a balanced budget, a moderate team, no inherited breach, no industry-specific regulator pressure. It is the cleanest test of how a CISO sequences program-building when the only forcing function is time itself: 20 quarters, a board that wants posture, customer trust, and budget discipline, and a register full of risks that will all eventually fire if ignored. Most playthroughs at this difficulty fail not on a specific incident but on the slow accumulation of friction, morale erosion, and architecture decay that compound across years.

How does the Standard run scenario start?

Difficulty: standard
Tech profile: Cloud-Native SaaS
Region: US
Starting team: 1 ciso
Year-1 budget: $750k
Annual budget growth: 20%

How do you win the Standard run scenario?

Reach Composite ≥ 60, Board ≥ 30, Overspend ≤ $500k at Q20.

Which risks matter most in Standard run?

Which investments are recommended for Standard run?

Strong starting purchases for this scenario, ordered by relevance:

How do you start playing the Standard run scenario?

Click Play CISO Game free to start a no-signup demo run. On the Setup screen, pick the Standard run tile and the difficulty, budget, and team will pre-fill. Hit Start Game and you're in.

Play the Standard run scenario →